<?php
require("header.php");

// todo, make verifying email work, login after regester
function display()
{
	echo '<form action="register.php" method="post"> 
	Email: <input type="text" name="Email" /> <br> 
	Password: <input type="password" name="Password" /> <br>
	Confirm Password: <input type="password" name="ConfirmPassword" /> <br>
	First Name: <input type="text" name="FirstName" /> <br> 
	Last Name: <input type="text" name="LastName" /> <br> 
	Gender: <input type="text" name="Gender" /> <br> 
	<img src = "get_captcha.php" width ="150" height = "75">
	<br>
	Verify: <input type="text" name="Verify" /> <br> 
	<input type="submit" /> </form>';
}

$error = 0;
if (!empty($_POST['Email']))
{
	$catpcha = strtoupper($_POST['Verify']);
	if (empty($catpcha) || empty($_SESSION['CAPTCHAString']) || $_SESSION['CAPTCHAString'] != $catpcha)
	{
		echo 'error verifying captcha';
		$error = 1;
	}
	else
	{
		$temp = $_POST['Email'];
		$safe_temp=mysql_real_escape_string($temp);	//must always escape characters before calling a sql statement from user input
		$result = mysql_query("SELECT * FROM user WHERE user_email='$safe_temp'");
		$row = mysql_fetch_array($result);
		if (empty($row))
		{
			if ($_POST['Password']==$_POST['ConfirmPassword'])
			{
				if (strlen($_POST['Password'])>5)
				{
					if (count_chars($_POST['Email'],1)>0)
					{
						$email = mysql_real_escape_string($_POST['Email']);
						$password = mysql_real_escape_string(sha1($_POST['Password']+salt));
						$firstname = mysql_real_escape_string($_POST['FirstName']);
						$lastname = mysql_real_escape_string($_POST['LastName']);


						$sql = mysql_query("INSERT INTO user VALUES ('','$firstname','$lastname','$email', '$password')");
						$result = mysql_query("SELECT * FROM user WHERE user_email='$email' ");
						$row = mysql_fetch_array($result);
						if (!empty($row["user_email"]))
						{
							if ($row["user_password"]==sha1($_POST["Password"])+salt)
							{

								$_SESSION["user_email"] = $row["user_email"];
								$_SESSION["user_id"] = $row["user_id"];
								$_SESSION["user_password"] = $row["user_password"];
							}
						}
						include 'index.php';
						exit;
					}
					else
					{
						echo 'not a valid email address';
						$error = 1;
					}
				}
				else
				{
					echo 'password not long enough';
					$error = 1;
				}
			}
			else
			{
				echo 'passwords do not match';
				$error = 1;
			}
		}
		else
		{
			echo 'account aready exists';
			$error = 1;
		}
	}
	if ($error==1)
	{
		display();
	}
}
else { display(); }
// for security, might want too have some means that they had visited this page prior rather than just submiting the info, so they cant get through without hitting the getcaptcha.php file.
?>

<a href='index.php'>index</a>